.jpg "Opportunities, Appliacation, Openings"){kind=small}
.jpg "Hand Job, Blow Job, Job Search, Monster Job"){kind=small}
.jpg "pusat resume, daftar kerja, cari kerja"){kind=small}
.jpg "Project Manager, SOftware Engineer, SAP Consultant"){kind=small}
SMURF attack mitigation features…
All, I’m curious as to what SMURF attack mitigation features there are… If I am correct in my understanding of a SMURF attack it is set up as follows:
The attacker is on a remote segment using a directed broadcast at a target on your LAN segment
How can we mitigate these attacks?
What I’m aware of (please tell me if I’m off-base or should be doing more/less)…
-Enable unicast RPF on your WAN interface (stops receiving fake source addresses) -No ip directed-broadcast under your LAN interface (stops sending off-network broadcasts) -Put an ACL on the WAN interface that does a ‘log-input’ on the end or also ip source-track (lets you figure out where your attacker is)
What is the difference between ip source-track and doing a permit ip any any log-input in an ACL?
Thanks in advance!!! — Tony Paterra apaterra@gmail.com
